Created initial Alpine-Desktop-Setup documentation

Tastatur 2023-12-24 00:38:47 +01:00
parent 45bea9b860
commit 2c65ba8360
2 changed files with 207 additions and 0 deletions

@ -0,0 +1,147 @@
# Installation
To install the Alpine Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system.
```
# mount /dev/vg0/alproot /mnt -t ext4
# mkdir /mnt/boot/efi -p
# mount /dev/disk/by-label/efi /mnt/boot/efi
```
Then set up the base system using `setup-disk`:
```
# setup-disk -m sys /mnt
```
This will also add grub as bootloader which is going to be replaced on this system but for now it will reside on the boot partition.
Now the other directories are going to be mounted so that it's possible to chroot into the system:
```
# for i in dev proc sys run; do
> mount --rbind --make-rslave /$i /mnt/$i
> done
# chroot /mnt
```
The other "setup" scripts can be used to configure key aspects of the system.
```
# setup-hostname <hostname>
# setup-keymap us us-euro
# setup-timezone -i <Area>/<Subarea>
# passwd root
```
Edit `/etc/fstab` for correct mounts.
```
tmpfs /tmp tmpfs nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/vg0/alproot / ext4 defaults,noatime 0 1
/dev/vg0/alphome /home ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot/efi vfat defaults 0 2
```
By default Alpine Linux uses `mkinitfs` to create initramfs, although it's minimal that also means that it lacks some functionality which is needed for a proper setup.
Because of this `mkinitfs` and `grub-efi `will be replaced with `booster` and `secureboot-hook`.
```
# apk add booster secureboot-hook sbctl
# apk del mkinitfs grub-efi
```
To configure booster edit `/etc/booster.yaml`:
```
busybox: true
modules: vfat,nls_cp437,nls_iso8859_1
enable_lvm: true
```
The most important step is the creation of uki's using `secureboot-hook` which also automatically signs them. First the hook itself will have to be tweaked to use `booster` instead of `mkinitfs`, edit `/usr/share/kernel-hooks.d/secureboot.hook` and change the line:
```
/sbin/mkinitfs -o "$tmpdir"/initramfs "$NEW_VERSION-$FLAVOR"
```
To:
```
/usr/bin/booster build "$tmpdir"/initramfs --kernel-version "$NEW_VERSION-$FLAVOR"
```
And configure `/etc/kernel-hooks.d/secureboot.conf` for cmdline and secureboot.
```
cmdline="rw rd.luks.name=<uuid>=root root=/dev/vg0/alproot modules=ext4 quiet splash rd.lvm.vg=vg0"
signing_cert="/usr/share/secureboot/keys/db/db.pem"
signing_key="/usr/share/secureboot/keys/db/db.key"
output_dir="/boot/efi/EFI/Linux"
output_name="alpine-linux-{flavor}.efi"
```
Here `<uuid>` has to be replaced with the uuid of the partition which contains our volume group:
```
# blkid -o value -s UUID /dev/<disk2> >> /etc/kernel-hooks.d/secureboot.conf
```
All that's left for booting is secureboot which `sbctl` will be used for to create keys, and sign some executables with.
```
# sbctl create-keys
# sbctl enroll-keys
# sbctl sign -s /boot/efi/EFI/Boot/BOOTX64.EF
...
```
> Don't forget to set secureboot to setup mode during boot (although this can be done later too)!
Now to see if everything went succesfully run:
```
# apk fix kernel-hooks
```
And it should give no warnings if done properly.
Before finishing up the installation `networkmanager` will be install for networking.
```
# apk add networkmanager
# setup-devd udev
# apk add networkmanager-wifi
# rc-update add networkmanager default
```
Wifi will not yet work but this is will be done later on.
To make our lives easier we'll also install `gummiboot` as a bootloader.
```
# apk add gummiboot
# gummiboot install
# sbctl sign -s /boot/efi/EFI/gummiboot/gummibootx64.efi
```
And also remove some junk left over by grub.
```
# rm -rf /boot/efi/EFI/alpine
```
Now exit out of the chroot and you should be able to reboot into a working Alpine system.
```
# exit
# umount -lf /mnt
# reboot now
```
> Do note that "Linux Boot Manager" will have to be set to load first in your bios.
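
Review bot: The `blkid -o value -s UUID /dev/<disk2> >> /etc/kernel-hooks.d/secureboot.conf` step appends the bare UUID as a new last line of the config file rather than placing it where `<uuid>` stands in `cmdline=`, so as written `rd.luks.name=<uuid>=root` keeps the placeholder and the file gains a stray line. Suggest having the reader print the UUID with `blkid` and paste it into the `cmdline` value, or substitute the placeholder in place. In the `sbctl` block, `/boot/efi/EFI/Boot/BOOTX64.EF` looks cut off (the gummiboot path further down ends in `.efi`), and the `...` line does not say which other files need signing. The hook edit changes a file under `/usr/share`, and since `mkinitfs` is removed earlier in the same document, a sentence noting that the `booster build` line has to be re-applied if that file is ever restored would help.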

@ -0,0 +1,60 @@
# Provisioning
The first thing to do is to partition a disk. For this internet is required because `gptfdisk` only available in the repositories and is not included on the extended Iso.
To set it up we'll use `setup-interfaces` and `setup-apkrepos`.
```
# setup-interfaces -ar
# setup-apkrepos -c1
```
Because the Alpine Linux Iso is pretty minimal a few packages will have to be installed first:
```
# apk add cryptsetup lvm2 lsblk e2fsprogs gptfdisk
```
The drive should be partitioned using `gdisk` (or `cfdisk`). It should have atleast two partitions with one `EFI System` Partition and one `Linux filesystem` partition and look something like this:
| Number of partition | Size | Type |
|:-----:|:-----:|:-----:|
| 1 | 512 MB or more | EFI System |
| 2 | Rest of the drive | Linux filesystem |
Then to create the filesystem on the efi partition.
```
# mkfs.fat -F 32 -n efi /dev/<disk1>
```
And the encrypted filesystem on the root partition.
```
# cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
# cryptsetup open --type luks /dev/<disk2> pv0
```
Now to create a new LVM volume group:
```
# vgcreate vg0 /dev/mapper/pv0
```
To create partitions inside the volume group:
```
# lvcreate --name alproot -L 64G vg0
# lvcreate --name alphome -l 100%FREE vg0
```
Now the home partition fills the entirety of the volume group. These sizes should be changed depending on the needs of the user.
To create the filesystems on the logical partitions:
```
# mkfs.ext4 -L alpine-root /dev/vg0/alproot
# mkfs.ext4 -L alpine-home /dev/vg0/alphome
```
Other filesystems can also be used but `ext4` is the standard for most linux distrobutions.
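
Review bot: `<disk1>` and `<disk2>` in the `mkfs.fat` and `cryptsetup luksFormat` commands are never defined, and both commands overwrite whatever device they are given. `lsblk` is installed in the `apk add` line but never used; suggest adding a step after partitioning that lists the disk with `lsblk` and states that `<disk1>` is the `EFI System` partition and `<disk2>` the `Linux filesystem` partition from the table. Separately, the sentence after the `lvcreate` commands says the home partition "fills the entirety of the volume group", while `-l 100%FREE` gives it only the space left after the 64G `alproot` volume; "the rest of the volume group" would be accurate.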